Security

Meta and Yandex were tracking Android users’ browsing data far more closely than they should have been, according to researchers. They bypassed the Android “sandbox” in some browsers, letting them de-anonymize users, track how they browse, and then use that data in native Facebook, Instagram, and Yandex apps.

The company behind the Murena 2 smartphone and de-Googled Pixel Tablet has announced a new version of its operating system: /e/OS 3.0. It will make better use of the larger screens on tablets and give parents new tools for limiting screen time and app access.

On the list of apparel-related data breaches, Adidas was early to the trend. Then, the Victoria’s Secret website was offline for a few days last week as it dealt with a “security incident.”

The company released a statement last week disclosing that an “unauthorized external party” managed to obtain “contact information relating to consumers who had contacted our customer service help desk in the past.”

The tumultuous year under the Trump administration continues for the Cybersecurity and Infrastructure Security Agency (CISA), as many senior officials across the agency have recently left, or will soon be leaving, according to a report by The Washington Post and cited by Cybersecurity Drive. These departures punctuate numerous setbacks the agency has faced since Trump took office, including being told to halt its election security efforts and almost lapsing the CVE program that some of the world’s biggest companies rely on to track cybersecurity vulnerabilities.

On Monday, a report from 404Media found that a hacker obtained direct messages and CBP contact information from TeleMessage after Mike Waltz was spotted using the company’s modified version of Signal.

Donald Trump announced Thursday that he would remove Michael Waltz as National Security Advisor and appoint him as ambassador to the United Nations. CBS reported earlier that Trump did not want to explicitly fire Waltz, the person who accidentally added The Atlantic’s Jeffrey Goldberg to the group chat, but waited several weeks before he could spin the demotion as part of a reorganization strategy at the National Security Council.

The increase in AI tools, deepfake technology, and fully remote jobs following the covid pandemic has enabled a new kind of scam: workers who take jobs with US and European companies under false identities and send their salaries to the North Korean government.

Dutch right-wing activist Eva Vlaardingerbroek reported receiving a message from Apple, saying the company “detected a targeted mercenary spyware attack against your iPhone.” The message adds, “This attack is likely targeting you specifically because of who you are or what you do.”

Trump’s interview with The Atlantic editor in chief Jeffrey Goldberg (on purpose, this time) is now out. If you choose to use Signal, we have some advice on how, but here’s the president’s take:

After posting to its blog for the first time in 8 years on Friday, 4chan published a new post explaining what took the site down on April 14th, as Engadget spotted. The social media site blames hackers uploading a “bogus PDF” that “exploited an out-of-date software package on one of 4chan’s servers.”

Google’s Scam Detection feature, which works on Pixel Watch 2 and 3 devices connected to a Pixel 9 and newer phone, will notify you if it thinks you’re talking to a scammer on a call, according to a support post.

Apple has won its first legal battle over the UK’s demand for a backdoor to encrypted data: the right to tell everyone it’s happening. The Investigatory Powers Tribunal has ruled on whether Apple’s claim should be kept secret on national security grounds, and Apple won.

After years of providing breach notifications and useful advice about how to avoid getting hacked, Have I Been Pwned operator Troy Hunt’s personal blog mailing list has become the source of a breach after he fell for a fake spam alert phishing attack this week. He has notified subscribers, and is following up for people who unsubscribed but still had data stored by his provider, Mailchimp.